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What is claimed is: 

1. An integrated circuit card for use with a 
terminal , comprising^: 

a communicator configured to communicate with 
the terminal; \ 

a memory snoring: 

an application having a high level 
programming language format, and 

an interpreter; and 

a processor coupled to the memory, the 
processor configured to use the interpreter to interpret the 
application for execution and use the communicator to 
communicate with the terminal. 




2. The integrated circuit X6afd of claim l # wherein 
the high level programming languag^N^roaj^ comprises a class 
file format. 

3 . The integrated circuit card\of claim 1 wherein 
the processor comprises a microcontrolle] 

4. The integrated circuit card of\^laim 1 wherein 
at least a portion of the memory is located \n the 
processor. 




5. The integrated circuit card of claim 1 wherein 
the high level programming language format comprises a Java 
programming language format. 
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6. Npie integrated circuit card of claim 1, wherein 
le application has been processed from a 

second application having a string of characters, and 

the Nstring of characters is represented in the 
first application\by an identifier. 

7. The integrated circuit card of claim 6, wherein 
the identifier comprises an integer. 

8 . The integrated circuit card of claim 1 wherein 
the processor is further configured to: 

receive a request from a requester to access an 
element of the card; 

after receipt ofNthe request, interact with the 
requester to authenticate an identity of the requester; and 

based on the identify, selectively grant access 
to the element. 

9. The integrated circui^t/pard of claim 8, wherein 
the requester comprises the processo^ 

10. The integrated circuit car^ of claim 8, wherein 
the requester comprises the terminal 

11. The integrated circuit card ok claim 8, wherein 
the element comprises the application stored in 

the memory, and 

once access is allowed, the requester is 
configured to use the application. 



12. The integrated circuit card of claim 8, wherein 
the element comprises another application 
stored in the memory. \ 



t 



13. \The integrated circuit card of claim 8, wherein 
the element includes data stored in the memory. 

14 . The\integrated circuit card of claim 8 wherein 
the element comprises the communicator. 

15. The integrated circuit card of claim 8, wherein 
the memory also stores an access control list for the 
element, the access control list furnishing an indication of 
types of access to be granted to the identity, the processor 
further configured to: 

based on the\ access control list, selectively 
grant specific types of acoess to the requester. 

16. The integrated circuit card of claim 15 wherein 
the types of access include reading data. 

17. The integrated circui^; card of claim 15 wherein 
the types of access include writin^data. 

18 . The integrated circuit card of claim 15 wherein 
the types of access include appending Wta . 

19. The integrated circuit card of claim 15 wherein 
the types of access include creating data.N 

20. The integrated circuit card of\claim 15 wherein 
the types of access include deleting data, 

21. The integrated circuit card of claidm 15 wherein 
the types of access include executing an application. 
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22. The integrated circuit card of claim 1, wherein 
the application is one of a plurality of applications stored 
in the memory, Vhe processor is further configured to: 

receive a request from a requester to access 
one of the plurality of applications; 

afterV receipt of the request, determine whether 
said one of the plurality of applications complies with a 
predetermined set on rules; and 

based onvthe determination, selectively grant 
access to the requested- to said one of the plurality of 
applications. \ 

\ 

23. The integrated circuit card of claim 22, 
wherein the predetermined ^ules provide a guide for 
determining whether said one^of the plurality of 
applications accesses a predetermined region of the memory. 




24. The integrated citcMW^card of claim 22, 
wherein the processor is further\conf igured to: 

authenticate an identity of the requester; and 
grant access to said one of \the plurality of 
applications based on the identity. \ 



\ 
\ 



25. The integrated circuit ca^d of claim 1, wherein 
the processor is further configured to:\ 

interact with the terminal via the communicator 
to authenticate an identity; and \ 

determine if the identity has-been 
authenticated; and \ 

based on the determination, selectively allow 
communication between the terminal and the integrated 
circuit card. 



26. \The integrated circuit card of claim 25, 
wherein the communicator and the terminal communicate via 
communication ojiannels, the processor further configured to 
assign one of tnte communication channels to the identity 
when the processoV allows the communication between the 
terminal and the integrated circuit card, 

27. The integrated circuit card of claim 26, 
wherein the processor \s further configured to: 

assign a session\key to said one of the 
communication channels, afad 

use the session keyv when the processor and the 
terminal communicate via sard one of the communication 
channels . 

28. The integrated c$rjkkt card of claim 1, wherein 
the terminal has a card reader and the communicator 
comprises a contact for communi catling with the card reader. 

29. The integrated circuit dard of claim 1, wherein 
the terminal has a wireless communication device and the 
communictor a wireless transceiver f or \communi eating with 
the wireless communication device. 



30. The integrated circuit card oft claim 1, wherein 
the terminal has a wireless communication dVvice and the 
communicator comprises a wireless transmitted for 
communicating with the wireless communication\device . 



31 A A method for use with an integrated circuit 
card and a terminal, comprising: 

;oring an interpreter and an application 
having a high level programming language format in a memory 
of the integrated circuit card; and 

using a processor of the integrated circuit 
card to use the interpreter to interpret the application for 
execution; and 

using a Ncommunicator of the card when 
communicating between\the processor and the terminal. 

32. The method \f claim 31, wherein the high level 
programming language format comprises a class file format. 

33 The method of dlaim 31, wherein the processor 
comprises a microcontroller, 

34. The method of cl^ife-^l, wherein at least a 
portion of the memory is locateo^ in the processor. 

35. The method of claim 3i, wherein the high level 
programming language format comprises a Java programming 
language format. 



36. The method of claim 1, wherein 

the application has been processed from a 
second application having a string of characters, further 
comprising: 

representing the string of characters in the 
first application by an identifier. 



37. The method of claim 36, wherein th^v identifier 
includes an integer. \ 



3 8. \ The method of claim 31, further comprising: 

Veceiving a request from a requester to access 
an element of\the card; 

after receipt of the request, interacting with 
the requester to authenticate an identity of the requester; 
and \ 

baseci on the identity, selectively granting 
access to the element . 

39. The metkod of claim 38, wherein the requester 
comprises the processor. 

40. The method\of claim 38, wherein the requester 
comprises the terminal . \ 

41. The method oErelaim 38, wherein the element 
comprises the application ^kore^Kin the memory, further 
comprising : \S\ 

once access is allowed, using the application 
with the requester. \ 

42. The method of claim\38, wherein the element 
comprises another application stared in the memory. 

43. The method of claim 3 8\ wherein the element 
includes data stored in the memory. \ 



44. The method of claim 38, wherein the element 
comprises the communicator. \ 



45. \ The method of claim 38, wherein the memory also 
stores an access control list for the element, the access 
control list Furnishing an indication of types of access to 
be granted to the identity, further comprising: 

based on the access control list, using the 
processor to selectively grant specific types of access to 
the requester. 

46. The method of claim 45, wherein the types of 
access include reading data. 

47. The method of claim 45, wherein the types of 

access include writing daVaT 

~ f\ 

48. The method ol^Aaim 45, wherein the types of 
access include appending data\ 

49. The method of claita 45, wherein the types of 
access include creating data, 

50. The method of claim 45\ wherein the types of 
access include deleting data. 

51. The method of claim 45, wherein the types of 
access including executing an application^ 
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52. The method of claim 31, wherein the application 
is one of a plurality of applications stored in the memory, 
further comprising: 

receiving^ a request from a requester to access one 
of the applications stored in the memory; 

upon receipt of the request, determining whether 
said one of the plurality of applications complies with a 
predetermined set of\ rules; and 

based on\the determining, selectively granting 
access to the said one\ of the plurality of applications. 

53. The method G>f claim 52, wherein the 
predetermined rules provide a guide for determining whether 
said one of the plurality \f applications accesses a 
predetermined region of th^ynemoryy 

54. The method of claVm 52, further comprising: 
authenticating an indenkity of the requester; and 
based on the indentity, granting access^ to said one 

of the plurality of applications \ 

„. „. — .... comprising: 

communicating with the terminal to authenticate 

an identity; 

determining if the identit^has been 
authent icat ed ; and 

based on the determining, selectively allowing 
communication between the terminal and the\integrated 
circuit card. 
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56. The method of claim 55 , further comprising: 
communicating between the terminal and the 

processor via communxcation channels; and 

assigning None of the communication channels to 
the identity when the aMowing allows communication between 
the card reader and the i\ata^jrated circuit card. 

57. The method of c^aim 56, further comprising: 
assigning a session key to said one of the 

communication channels; and \ 

using the session keV when the processor and 
the terminal communicate via said dne of the communication 
channels. \ 
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58. A smart card comprising: 

a memory storing a Java interpreter; and 
a processor configured to use the interpreter 
to interpret a Jav^ application for execution. 

5 59. A microcontroller comprising: 

a semiconductor substrate; 
a memory located in the substrate; 
a programming language interpreter stored in 
the memory and configured to implement security checks; and 
10 a central processing unit located in the 

substrate and coupled to the memory. 

L-z. \ 
I s * \^ 

2 60. The microcontroller of claim 59, wherein the 

y interpreter comprises a Java b^te code interpreter. 

_ 61. The microcontroller /ofTcl^m 59, wherein the 

□ 15 security checks comprise establi\§£ang firewalls. 

\ 



p 62. The microcontroller of 6laim 59, wherein the 

W security checks comprise enforcing a Sandbox security model 

y ■ 




63. A smart card comprising: 
a memory; 

20 a programming language interpreter stored in 

the memory and configured to implement security checks; and 

a central processing unit coup\ed to the 
memory . \ 

64. The smart card of claim 63, wherein the 
25 interpreter comprises a Java byte code interpreter. 
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The smart card of claim 63, wherein the 
security Checks comprise establishing firewalls. 

66. \ The smart card of claim 63, wherein the 
security che&ks comprise enforcing a sandbox security model, 

5 67. aA, integrated circuit card for use with a 

terminal , comprising : 

a communicator; 

a memory storing an interpreter and first 
instructions of a \f irst application, the first instructions 
10 having been converted from second instructions of a second 
application; and \ 

a processor coupled to the memory and 
configured to use the \nterpreter to execute the first 
SJ instructions and to communicate with the terminal via the 

15 communicator. 
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68. The integrate<Aci rcuitVcard of claim 67. 
wherein the first applicat(ioij[ has a class file format. 

\^ 

69. The integrated circuit card of claim 67, 
wherein the second application lias a class file format. 

20 70. The integrated circuit^card of claim 67, 

wherein the first instructions comprise byte codes. 

71. The integrated circuit ca^d of claim 67, 
wherein the second instructions comprise^byte codes. 

72. The integrated circuit card o^ claim 67, 

2 5 wherein the first instructions comprise Ja>)a byte codes 
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73. \The integrated circuit card of claim 67, 
wherein the second instructions comprise Java byte codes. 

74. Th\ integrated circuit card of claim 67, 
wherein the fir^t instructions comprise generalized versions 
of the second instructions. 

75. The integrated circuit card of claim 67, 
wherein the first instructions comprise renumbered versions 
of the second instructions. 
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76. The integrated circuit card of claim 67, 

the second instructions include constant references, 



the first instructions include constants that 
replace the constant references of the second instructions. 

77. The integrated cfirfcjiit cay& of claim 67, 

wherein 

the second instructions inplude references, the 
references shifting location during the conversion of the 
second instructions to the first instructions, and 

the first instructions are relinked to the 
references after the shifting. 

78. The integrated circuit card\pf claim 67, 

wherein 

the first instructions comprise byre codes for a 
first type of virtual machine, and 

the second instructions comprise byte\codes for a 
second type of virtual machine, the first type\ being 
different from' the second type, 



79. A method for use with an integrated circuit 
card, comprisii 

converting second instructions of a second 
application to fittst instructions of a first application; 

storing, the first instructions in a memory of 
the integrated circuit card; and 

using an Ynterpreter of the integrated circuit 
card to execute the firist^ instructions. 

80. The method of\ claim 79, wherein the first 
application has a class fiJ^s format. 

81. The method of clsfcim 79, wherein the second 
application has a class file fen 

82. The method of claiHjY9, wherein the first 
instructions comprise byte codes. \ 

83. The method of claim 79, Wherein the second 
instructions comprise byte codes. 

84. The method of claim 79, wherein the first 
instructions comprise Java byte codes. \ 

85. The method of claim 79, wherein\the second 
instructions comprise Java byte codes 

86. The method of claim 79, wherein thk first 
instructions are generalized versions of the second 
instructions . 
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87. TheNmethod of claim 79, wherein the converting 
includes renumbering the second instructions to form first 
instructions . 




88, The method of claim 79, wherein the second 
instructions include constant references, and 

the converting includes replacing the constant 
references of the second instructions with constants. 



H 
W 

£ 

O 

w 
u 



89. The method of cl^aim 79, wherein the second 
instructions include references and the obnverting includes 

10 shifting location of the ref erfcnctes, fu/ther comprising: 

relinking the first injstXucfci^ns to the references 
after the converting. 

90. The method of claim 79,\ wherein 
the first instructions comprise byte codes for a 

15 first type of virtual machine, and \ 

the second instructions comprisev byte codes for a 
second type of virtual machine, the firs\ type being 
different from the second type 
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91 A An integrated circuit for use with a terminal, 
comprising: 

a communicator configured to communicate with the 
terminal; 

a memory Storing a first application that has been 
processed from a Second application having a string of 
characters, the string of characters being represented in 
the first applicatidtt by an identifier; and 

a processor coupled to the memory, the 
processor configured tb use the interpreter to interpret the 
first application for execution and to use the communicator 
to communicate with the Verminal. 

X 

92. The integrated^ circuit card of claim 91, 
wherein the identifier comprises an integer. 

93 . A method for use Vituh an Integrated circuit 
card and a terminal comprisinfA k J 

processing a second application to create a first 
application, the second application having a string of 
characters; \ 

representing the string of Characters of the first 
application by an identifier in the Second application; 

storing an interpreter and th^ first application in 
a memory of the integrated circuit car&; and 

using a processor of the integrated circuit card to 
use an interpreter to interpret the firsty application for 
execution. 

94. The method of claim 93, wherein\he indentifier 
includes an integer. 
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95. & microcontroller comprising: 
aVnemory storing: 

an application having a class file format, 



and 



m interpreter; and 
a processor coupled to the memory, the 
processor conf iguredV to use the interpreter to interpret the 
application for execution. 
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96. The microcontroller of claim 95, further 
10 comprising: 

a communicator configured to communicate with a 
terminal . 

97. The microcontroller of claim 96, wherein the 
terminal has a card reader andVfKfe communicator comprises a 

15 contact for communicating witl/ thj^ca^d reader . 
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98. The microcontroller ok claim 96, wherein the 
terminal has a wireless communicatibn device and the 
communictor a wireless transceiver fear communicating with 
the wireless communication device. 

99. The microcontroller of claxk 96, wherein the 
terminal has a wireless communication de^.ce and the 
communicator comprises a wireless transmitter for 
communicating with the wireless communication device. 



100. The microcontroller of claim 95, ^herein the 
25 class file format comprises a Java class file fiormat. 
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101. A rt\ethod for use with an integrated circuit 
card, comprising^ 

storing a Virst application in a memory of the 
integrated circuit ^card; 

storing a second application in the memory of the 
integrated circuit ca&d; and 

creating a fireball that isolates the first and 
second applications so that the second application cannot 
access either the first application or data associated with 
the first application, 

102. The method of cl^ln 101, wherein the first and 
second applications comprise! i^kvajbyte codes. 




103. The method of claim 1EK), wherein the creating 
includes using a Java interpreter. 

104. The method of claim 101, Wherein 

the storing of the first application is performed in 
association with manufacture of the integrated circuit card; 
and \ 

the storing of the second application is performed 
at a later time after the manufacture is completed. 
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105. An integrated circuit card for use with a 
terminal , comprisin 

a communicator configured to communicate with 
the terminal; 
5 a memory storing: 

applications, each application having a 
high level programming langti^g^ format, and 

an interpre&ix; stnd 
a processor coupled to the memory, the 
10 processor configured to: 

a. ) use the interpreter to interpret the 
applications for execution, 

b. ) use the interpreter to create a 
firewall to isolate the applications f^pm each other, and 

c. ) use the communicat6^r to communicate 
with the terminal. 
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